Re: [IMail Forum] Possible Hack of IMail server?
To expand upon what Travis said, that is a known "problem" with Imail 8.22 IIRC. Make sure you are running HF2 along with checking all root passwords, but you should seriously consider upgrading from 8.22 for that problem.John T eServices For You -Original Message- From: "Chris Ulrich" <[EMAIL PROTECTED]> Sent 11/10/2008 10:06:21 AM To: [email protected] Subject: RE: [IMail Forum] Possible Hack of IMail server?Great - thanks At 11:54 AM 11/10/2008, you wrote: >Ah ok - in that case make sure your root passwords were changed for each >domain. The default is "password". > >Travis > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich >Sent: Monday, November 10, 2008 7:15 AM >To: [email protected] >Subject: RE: [IMail Forum] Possible Hack of IMail server? > >Its not at the "sub level" - its at the user level. > >So there is a users folder, and then: > >\users\chris >\users\tom >\users\p >\users\po >\users\post >\users\postma >\users\postmast > >I know what you are referring to, but that would cause: > >\users\chris >\users\chris\p >\users\chris\po >\users\chris\post >\users\chris\postma >\users\chris\postmast > >I'm seeing it at the base level > >Thanks > > >At 09:51 AM 11/10/2008, you wrote: > >Well if you have '-' setup as the mailbox delimiter I can make this happen > >by sending email to: [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. >Not > >sure if it is a sign they have been hacked - spammed, but not hacked. > > > >Travis > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich > >Sent: Monday, November 10, 2008 6:26 AM > >To: [email protected] > >Subject: [IMail Forum] Possible Hack of IMail server? > > > >We've had weird behavior the last two saturdays - around the same > >time outbound messages stopped going out & clients got a "15 tries" > >bounce back. I looked for the logs and they ended around 3:15pm both days. > > > >I started checking to see if a virus update or other update was > >running at that time, but have not find one yet. > > > >One user had an issue - a box that couldn't delete messages. I went > >into x:\imail\domain\Users to look at the list of folders. I'm > >seeing new folders in there, and I vaguely remember this from years > >ago. The folders ("user accounts") are: > > > >\p > >\po > >\post > >\postma > >\postmast > >\postmaste > > > >We've found it in virtual domains. > > > >I'm not sure if it is related, definitely odd. Has anyone seen > >behavior like what I"m seeing on Saturdays? > > > >And has anyone dealt with this phenomenon: > > > >\p > >\po > >\post > >\postma > >\postmast > >\postmaste > > > >I'm on v 8.22 if that helps. I'm also running Declude AV & Anti-Spam > > > >Any suggestions would be much appreciated! > > > >--- >- > > > >Chris Ulrich > >Cydian Technologies > > > > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ > >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Knowledge Base/FAQ: http://imailserver.com/support/kb.html > > > >No virus found in this incoming message. > >Checked by AVG - http://www.avg.com > >Version: 8.0.175 / Virus Database: 270.9.0/1778 - Release Date: 11/9/2008 > >2:14 PM > > > > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ > >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Knowledge Base/FAQ: http://imailserver.com/support/kb.html > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
RE: [IMail Forum] Possible Hack of IMail server?
Great - thanks At 11:54 AM 11/10/2008, you wrote: Ah ok - in that case make sure your root passwords were changed for each domain. The default is "password". Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, November 10, 2008 7:15 AM To: [email protected] Subject: RE: [IMail Forum] Possible Hack of IMail server? Its not at the "sub level" - its at the user level. So there is a users folder, and then: \users\chris \users\tom \users\p \users\po \users\post \users\postma \users\postmast I know what you are referring to, but that would cause: \users\chris \users\chris\p \users\chris\po \users\chris\post \users\chris\postma \users\chris\postmast I'm seeing it at the base level Thanks At 09:51 AM 11/10/2008, you wrote: >Well if you have '-' setup as the mailbox delimiter I can make this happen >by sending email to: [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. Not >sure if it is a sign they have been hacked - spammed, but not hacked. > >Travis > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich >Sent: Monday, November 10, 2008 6:26 AM >To: [email protected] >Subject: [IMail Forum] Possible Hack of IMail server? > >We've had weird behavior the last two saturdays - around the same >time outbound messages stopped going out & clients got a "15 tries" >bounce back. I looked for the logs and they ended around 3:15pm both days. > >I started checking to see if a virus update or other update was >running at that time, but have not find one yet. > >One user had an issue - a box that couldn't delete messages. I went >into x:\imail\domain\Users to look at the list of folders. I'm >seeing new folders in there, and I vaguely remember this from years >ago. The folders ("user accounts") are: > >\p >\po >\post >\postma >\postmast >\postmaste > >We've found it in virtual domains. > >I'm not sure if it is related, definitely odd. Has anyone seen >behavior like what I"m seeing on Saturdays? > >And has anyone dealt with this phenomenon: > >\p >\po >\post >\postma >\postmast >\postmaste > >I'm on v 8.22 if that helps. I'm also running Declude AV & Anti-Spam > >Any suggestions would be much appreciated! > >--- - > >Chris Ulrich >Cydian Technologies > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html > >No virus found in this incoming message. >Checked by AVG - http://www.avg.com >Version: 8.0.175 / Virus Database: 270.9.0/1778 - Release Date: 11/9/2008 >2:14 PM > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
RE: [IMail Forum] Possible Hack of IMail server?
Ah ok - in that case make sure your root passwords were changed for each domain. The default is "password". Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, November 10, 2008 7:15 AM To: [email protected] Subject: RE: [IMail Forum] Possible Hack of IMail server? Its not at the "sub level" - its at the user level. So there is a users folder, and then: \users\chris \users\tom \users\p \users\po \users\post \users\postma \users\postmast I know what you are referring to, but that would cause: \users\chris \users\chris\p \users\chris\po \users\chris\post \users\chris\postma \users\chris\postmast I'm seeing it at the base level Thanks At 09:51 AM 11/10/2008, you wrote: >Well if you have '-' setup as the mailbox delimiter I can make this happen >by sending email to: [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. Not >sure if it is a sign they have been hacked - spammed, but not hacked. > >Travis > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich >Sent: Monday, November 10, 2008 6:26 AM >To: [email protected] >Subject: [IMail Forum] Possible Hack of IMail server? > >We've had weird behavior the last two saturdays - around the same >time outbound messages stopped going out & clients got a "15 tries" >bounce back. I looked for the logs and they ended around 3:15pm both days. > >I started checking to see if a virus update or other update was >running at that time, but have not find one yet. > >One user had an issue - a box that couldn't delete messages. I went >into x:\imail\domain\Users to look at the list of folders. I'm >seeing new folders in there, and I vaguely remember this from years >ago. The folders ("user accounts") are: > >\p >\po >\post >\postma >\postmast >\postmaste > >We've found it in virtual domains. > >I'm not sure if it is related, definitely odd. Has anyone seen >behavior like what I"m seeing on Saturdays? > >And has anyone dealt with this phenomenon: > >\p >\po >\post >\postma >\postmast >\postmaste > >I'm on v 8.22 if that helps. I'm also running Declude AV & Anti-Spam > >Any suggestions would be much appreciated! > >--- - > >Chris Ulrich >Cydian Technologies > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html > >No virus found in this incoming message. >Checked by AVG - http://www.avg.com >Version: 8.0.175 / Virus Database: 270.9.0/1778 - Release Date: 11/9/2008 >2:14 PM > > >To Unsubscribe: http://imailserver.com/support/discussion_list/ >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
RE: [IMail Forum] Possible Hack of IMail server?
Its not at the "sub level" - its at the user level. So there is a users folder, and then: \users\chris \users\tom \users\p \users\po \users\post \users\postma \users\postmast I know what you are referring to, but that would cause: \users\chris \users\chris\p \users\chris\po \users\chris\post \users\chris\postma \users\chris\postmast I'm seeing it at the base level Thanks At 09:51 AM 11/10/2008, you wrote: Well if you have '-' setup as the mailbox delimiter I can make this happen by sending email to: [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. Not sure if it is a sign they have been hacked - spammed, but not hacked. Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, November 10, 2008 6:26 AM To: [email protected] Subject: [IMail Forum] Possible Hack of IMail server? We've had weird behavior the last two saturdays - around the same time outbound messages stopped going out & clients got a "15 tries" bounce back. I looked for the logs and they ended around 3:15pm both days. I started checking to see if a virus update or other update was running at that time, but have not find one yet. One user had an issue - a box that couldn't delete messages. I went into x:\imail\domain\Users to look at the list of folders. I'm seeing new folders in there, and I vaguely remember this from years ago. The folders ("user accounts") are: \p \po \post \postma \postmast \postmaste We've found it in virtual domains. I'm not sure if it is related, definitely odd. Has anyone seen behavior like what I"m seeing on Saturdays? And has anyone dealt with this phenomenon: \p \po \post \postma \postmast \postmaste I'm on v 8.22 if that helps. I'm also running Declude AV & Anti-Spam Any suggestions would be much appreciated! Chris Ulrich Cydian Technologies To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1778 - Release Date: 11/9/2008 2:14 PM To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
RE: [IMail Forum] Possible Hack of IMail server?
Well if you have '-' setup as the mailbox delimiter I can make this happen by sending email to: [EMAIL PROTECTED], [EMAIL PROTECTED] and so on. Not sure if it is a sign they have been hacked - spammed, but not hacked. Travis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, November 10, 2008 6:26 AM To: [email protected] Subject: [IMail Forum] Possible Hack of IMail server? We've had weird behavior the last two saturdays - around the same time outbound messages stopped going out & clients got a "15 tries" bounce back. I looked for the logs and they ended around 3:15pm both days. I started checking to see if a virus update or other update was running at that time, but have not find one yet. One user had an issue - a box that couldn't delete messages. I went into x:\imail\domain\Users to look at the list of folders. I'm seeing new folders in there, and I vaguely remember this from years ago. The folders ("user accounts") are: \p \po \post \postma \postmast \postmaste We've found it in virtual domains. I'm not sure if it is related, definitely odd. Has anyone seen behavior like what I"m seeing on Saturdays? And has anyone dealt with this phenomenon: \p \po \post \postma \postmast \postmaste I'm on v 8.22 if that helps. I'm also running Declude AV & Anti-Spam Any suggestions would be much appreciated! Chris Ulrich Cydian Technologies To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.9.0/1778 - Release Date: 11/9/2008 2:14 PM To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
